
Alerts

Red Hat Security Update

Red Hat has released security updates to address vulnerabilities affecting Red Hat Enterprise Linux. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Red Hat Security Advisories RHSA-2021:3725, RHSA-2021:3724 and RHSA-2021:3723 and apply necessary updates.

IBM Security Update

IBM has released security updates to address vulnerabilities affecting multiple IBM products. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review IBM Security Bulletins for 4th October 2021 and apply necessary updates.

Amazon Security Update

Amazon has released security updates to address vulnerabilities affecting Amazon Linux. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review the Amazon Linux Security Advisories and apply necessary updates.

Oracle Linux Security Update

Oracle has released security updates to address vulnerabilities affecting Oracle Linux OS. Exploitation of these vulnerabilities may allow an attacker to take control of an affected system.

Users and Administrators are encouraged to review Oracle Security Advisories for 5th October 2021 and apply necessary updates.

Apache HTTP Server Path Traversal Zero-Day Vulnerability CVE-2021-41773

Advisory No: TZCERT/SA/2021/10/06

Date of First Release: 06th October 2021

Source: Apache

Software Affected: Apache HTTP Server 2.4.49

Overview

The vulnerability exists only in Apache HTTP Server version 2.4.49; earlier releases are not affected. Exploitation allows an attacker to use a path traversal attack to map URLs to files outside the expected document root.

Description

This vulnerability is caused by a flaw in a change to path normalization (the step that collapses "." and ".." components in a URL path before the path is mapped to the filesystem) introduced in Apache HTTP Server 2.4.49. The new normalization code did not correctly handle URL-encoded directory traversal sequences, so encoded ".." components survived normalization and were only decoded afterwards, when the path was resolved on disk.

A remote attacker can send a specially crafted HTTP request to map URLs to files outside the expected document root. If the filesystem outside the document root is not protected by a "Require all denied" directive, these requests succeed and the server returns the file contents. Additionally, this flaw could leak the source of interpreted files such as CGI scripts, since the file is served as-is instead of being executed.
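As an added illustration, not part of this advisory or of the Apache project, the following Python script scans Apache access-log lines for requests whose URL path, once decoded, climbs above the document root, and records whether the server answered 2xx (the request succeeded, so the target was not protected by "Require all denied") or refused it. The log lines are constructed for the example; the ".%2e" request shape follows the publicly reported traversal requests against 2.4.49, and the function names are the example's own.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache "common" log format; they are not
# taken from the advisory. The traversal requests use percent-encoded
# dots (.%2e), the form that the 2.4.49 normaliser failed to collapse
# before the path was mapped to the filesystem.
SAMPLE_LOG = """\
203.0.113.7 - - [06/Oct/2021:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [06/Oct/2021:10:01:05 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1789
203.0.113.7 - - [06/Oct/2021:10:01:09 +0000] "GET /icons/.%2e/.%2e/.%2e/.%2e/etc/shadow HTTP/1.1" 403 199
198.51.100.4 - - [06/Oct/2021:10:02:00 +0000] "GET /docs/../images/logo.png?x=1 HTTP/1.1" 200 2048
"""

# Request line plus status code as written by the default LogFormat.
REQUEST_LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+" (?P<status>\d{3})'
)


def escapes_docroot(raw_path: str) -> bool:
    """Decode the path once, drop any query string, and walk its segments.
    Returns True if the walk ever climbs above the document root, i.e. a
    '..' is met when no real directory is left to climb out of."""
    decoded = unquote(raw_path.split("?", 1)[0])
    depth = 0
    for segment in decoded.split("/"):
        if segment in ("", "."):
            continue
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def uses_encoded_dots(raw_path: str) -> bool:
    """A literal '..' is normalised correctly by 2.4.49; only the
    percent-encoded form slips through, so that is what we flag."""
    return "%2e" in raw_path.lower()


def scan_log(log_text: str) -> list[dict]:
    """One finding per request whose decoded path escapes the document
    root. 'succeeded' is True when the server answered 2xx, meaning the
    file was served rather than refused by 'Require all denied'."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        target = m.group("target")
        if not escapes_docroot(target):
            continue
        status = int(m.group("status"))
        findings.append({
            "target": target,
            "status": status,
            "encoded_dots": uses_encoded_dots(target),
            "succeeded": 200 <= status < 300,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        verdict = "SUCCEEDED" if finding["succeeded"] else "blocked"
        print(f"{verdict:9} {finding['status']} {finding['target']}")
```

Run against a real access log, a "SUCCEEDED" line with "encoded_dots" set is the signal that a 2.4.49 server has served a file from outside its document root; a 403 on the same path shows the "Require all denied" protection did its job. The fourth sample line, a plain "..", is deliberately not reported: it stays inside the document root and Apache normalises it correctly.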

Impact

Successful exploitation of this vulnerability may allow an attacker to use a path traversal attack to map URLs to files outside the expected document root.

Solution:

Apache has issued a fixed version, 2.4.50. Users and Administrators are encouraged to apply necessary updates. Until the upgrade is applied, ensure that the filesystem outside the document root is covered by a "Require all denied" directive, so that requests mapped outside the document root are refused. Note that the fix in 2.4.50 was later found to be incomplete (CVE-2021-42013); version 2.4.51 addresses both issues.

References:

  1. https://www.tenable.com/blog/cve-2021-41773-path-traversal-zero-day-in-apache-http-server-exploited
  2. https://therecord.media/apache-fixes-actively-exploited-web-server-zero-day/